NUWCDIVNPT / stigman-watcher

A utility that watches a path for test result files on behalf of a STIG Manager Collection

Log Rotation enhancement #57

Closed zirus001 closed 1 year ago

zirus001 commented 1 year ago

Hello, Been using stigman-watcher for almost a year now and we still love it. Kudos to everyone involved. When I first set it up I forgot and left logging on and by default debug mode was enabled so I happened to notice a 7GB on our file server today..lol So I wanted to reach out and see if there could be a way to incorporate a log rotation feature in the future releases. I am working on possibly ingesting our logs into Graylog and alerting on specific systems when the STIGs are pulled into STIG Manager. This way our assigned teams will know when to log in and review them.

cd-rite commented 1 year ago

Hi @zirus001 Thanks for the suggestion, glad this tool is working out for you! However, this suggestion is a bit out of scope for this utility. Our intent is to keep it extremely lightweight, and our recommendation when using the tool in production would be to use an external tool to manage it, and its logs. Some tools could manage it as a service, and that tooling should be able to capture our log entries from STDOUT, rather than our optional file. I think some users have used WinSW for this: https://github.com/winsw/winsw https://github.com/winsw/winsw/blob/v3/docs/logging-and-error-reporting.md

I think other users have had luck with PM2: https://github.com/Unitech/pm2

There are lots of ways to rotate logs, and lots of tools specifically focused on it that could cater to your specific needs. I haven't used graylog, but that might be the best solution for you!

Thanks again for the suggestion!

zirus001 commented 1 year ago

Hey @cd-rite, Yeah, between evaluate-stig, Stig-manager, and Stig watcher it's better than any other automated scap process out there. That's fine. I think my intent was to just keep the log from filling up the hard drive in the long term. When we pick up the logs with graylog there is no need to keep them on the OS. I'll just make a process for shutdown that will delete the file and upon reboot it will re-create it. Thanks!